Commit Graph

19591 Commits

Author SHA1 Message Date
Bjarki 4916870dff fix(compiler): only promote Trusted Types to constants when necessary (#39554)
Previously all constant values of security-sensitive attributes and
properties were promoted to Trusted Types. While this is not inherently
bad, it is also not optimal.

Use the newly added Trusted Types schema to restrict promotion to
constants that are in a Trusted Types-relevant context.

PR Close #39554
2020-11-23 08:29:08 -08:00
Bjarki c8a99ef458 fix(compiler): disallow i18n of security-sensitive attributes (#39554)
To minimize security risk (XSS in particular) in the i18n pipeline,
disallow i18n translation of attributes that are Trusted Types sinks.
Add integration tests to ensure that such sinks cannot be translated.

PR Close #39554
2020-11-23 08:29:06 -08:00
Bjarki bb70a9bda4 feat(compiler): support error reporting in I18nMetaVisitor (#39554)
Make it possible to report errors from the I18nMetaVisitor parser.

PR Close #39554
2020-11-23 08:29:05 -08:00
Bjarki 358c50e226 feat(compiler): add schema for Trusted Types sinks (#39554)
Create a schema with an associated function to classify Trusted Types
sinks.

Piggyback a typo fix.

PR Close #39554
2020-11-23 08:29:04 -08:00
David-Emmanuel DIVERNOIS c7f4abf18a feat(common): allow any Subscribable in async pipe (#39627)
As only methods from the Subscribable interface are currently used in the
implementation of the async pipe, it makes sense to make it explicit so
that it works successfully with any other implementation instead of
only Observable.

PR Close #39627
2020-11-23 08:28:11 -08:00
Kapunahele Wong 0870af1740 docs: edit start-data.md (#39628)
PR Close #39628
2020-11-23 08:26:23 -08:00
Krivokhizhin Anton b668768c0a test(forms): verify that an object is not a boxed value if only `disabled` field is present (#39801)
The value of a `FormControl` is treated in a special way (called boxed values) when it's an object with exactly
2 fields: `value` and `disabled`. This commit adds a test which verifies that an object is not treated as a boxed
value when `disabled` field is present, but `value` is missing.

PR Close #39801
2020-11-23 08:25:08 -08:00
Marcono1234 3e1e5a15ba docs: update links to use HTTPS as protocol (#39718)
PR Close #39718
2020-11-20 12:52:16 -08:00
Kristiyan Kostadinov 1a26f6da6e fix(core): migration error if program contains files outside of the project (#39790)
Currently all of our migrations are set up to find the tsconfig paths within a project,
create a `Program` out of each and migrate the files inside of the `Program`. The
problem is that the `Program` can include files outside of the project and the CLI
APIs that we use to interact with the file system assume that all files are within
the project.

These changes consolidate the logic, that determines whether a file can be migrated,
in a single place and add an extra check to exclude files outside of the root.

Fixes #39778.

PR Close #39790
2020-11-20 12:51:19 -08:00
Joey Perrott b1ebfb1cab feat(dev-infra): support squashing fixups in the `ng-dev pr rebase` command (#39747)
Adding support for squashing fixup commits during when rebasing can allow
for rebasing to better unblock things like merging.

PR Close #39747
2020-11-20 12:49:43 -08:00
Joey Perrott 881b77ef46 refactor(dev-infra): move `parseCommitMessagesForRange` into the parse file (#39747)
When attempting to actually rely on `parseCommitMessagesForRange`, it became apparent
that the function really belongs in the parse file, rather than utils.

PR Close #39747
2020-11-20 12:49:42 -08:00
andyg3 e2ce9af115 docs: update /deep/ to ::ng-deep in component styles example (#32398)
Update example because ::ng-deep is the preferred syntax.

PR Close #32398
2020-11-20 12:48:14 -08:00
Kara Erickson ff0a90e4a8 fix(core): meta addTag() adds incorrect attribute for httpEquiv (#32531)
Meta::addTag() adds a meta tag with httpEquiv attribute instead of http-equiv when
MetaDefinition contains httpEquiv property.

PR Close #32531
2020-11-20 09:26:08 -08:00
Kapunahele Wong 156f9f30ae docs: edit di providers doc (#39403)
Edits copy and removes tokens and treeshaking
sections to reduce content duplication and keep
info focused. Moves provideParent() from di-navtree
to di providers.

PR Close #39403
2020-11-20 09:24:51 -08:00
Keen Yee Liau 9aaa86967d build(language-service): include sources for Ivy LS (#39748)
We need to expose the declaration files for Ivy sources so that they can
be consumed by the Angular language server (`@angular/language-server`).

PR Close #39748
2020-11-20 09:23:45 -08:00
Andrew Scott c33a8235d9 fix(router): correctly handle string command in outlets (#39728)
There are many places where examples use just a string for the command
in outlets. When using nested outlets, we do not correctly handle
this case, as the types and algorithm always expect an array.
This PR updates the `createUrlTree` algorithm to account for the
possibility of a string literal as the command for an outlet.

Fixes #18928

PR Close #39728
2020-11-20 08:38:31 -08:00
Pete Bacon Darwin 969ad329de refactor(compiler): tidy up interpolation splitting (#39717)
When parsing for i18n messages, interpolated strings are
split into `Text` and `Placeholder` pieces.  The method that
does this `_visitTextWithInterpolation()` was becoming too
complex. This commit refactors that method along with some
associated functions that it uses.

PR Close #39717
2020-11-20 08:35:56 -08:00
Pete Bacon Darwin 0462a616c3 fix(compiler): ensure that placeholders have the correct sourceSpan (#39717)
When the `preserveWhitespaces` is not true, the template parser will
process the parsed AST nodes to remove excess whitespace. Since the
generated `goog.getMsg()` statements rely upon the AST nodes after
this whitespace is removed, the i18n extraction must make a second pass.

Previously this resulted in innacurrate source-spans for the i18n text and
placeholder nodes that were extracted in the second pass.

This commit fixes this by reusing the source-spans from the first pass
when extracting the nodes in the second pass.

Fixes #39671

PR Close #39717
2020-11-20 08:35:55 -08:00
Pete Bacon Darwin 6b38c44a22 test(compiler-cli): add source-mapping test helper (#39717)
This helper improves the message given when an expectation
fails in a source-mapping test.

PR Close #39717
2020-11-20 08:35:54 -08:00
JiaLiPassion 1cba56e11f refactor(core): remove unused fakeAsyncFallback and asyncFallback (#37879)
`zone.js` 0.8.25 introduces `zone-testing` bundle and move all `fakeAsync/async` logic
from `@angular/core/testing` to `zone.js` package. But in case some user still using the old
version of `zone.js`, an old version of `fakeAsync/async` logic were still kept inside `@angular/core/testing`
package as `fallback` logic. Since now `Angular8+` already use `zone.js 0.9+`, so
those fallback logic is removed.

PR Close #37879
2020-11-20 08:34:59 -08:00
Serginho 66d863febe fix(animations): getAnimationStyle causes exceptions in older browsers (#29709)
PR #29709 getAnimationStyle causes exceptions in older browsers

PR Close #29709
2020-11-20 08:33:19 -08:00
cexbrayat 5fa767363d fix(router): remove duplicated getOutlet function (#39764)
The codebase currently contains two `getOutlet` functions,
and they can end up in the bundle of an application.
A recent commit 6fbe21941d tipped us off
as it introduced several `noop` occurrences in the golden symbol files.
After investigating with @petebacondarwin,
we decided to remove the duplicated functions.

This probably shaves only a few bytes,
but this commit removes the duplicated functions,
by always using the one in `router/src/utils/config`.

PR Close #39764
2020-11-20 08:31:14 -08:00
Jacob Foshee fe1ada86e8 docs: add missing return to example storage.service.ts (#31434)
While JavaScript does support implicit returns, it seems TypeScript will not infer the function return type from
the implicit return of the last statement (at least not in TS 3.4.3). So, when the `return` is missing from the
`get` function the implicit type of the function is `void`. So for the `get` function to be usable it needs to an
explicit return.

PR Close #31434
2020-11-20 08:28:56 -08:00
Will Mendes 17d5266cdb docs: add ngx-skeleton-loader module into resources page (#39352)
PR Close #39352
2020-11-19 12:27:38 -08:00
WilliamKoza b1d300dc26 fix(common): Prefer to use pageXOffset / pageYOffset instance of scrollX / scrollY (#28262)
This fix ensures a better cross-browser compatibility.
This fix has been used for angular.io.

PR Close #28262
2020-11-19 12:22:03 -08:00
Sonu Kapoor be998e830b refactor(core): move `injectAttributeImpl` to avoid cycles (#37085)
This commit moves the `injectAttributeImpl` and other dependent code
to avoid circular dependencies.

PR Close #37085
2020-11-19 12:19:42 -08:00
Sonu Kapoor f5cbf0bb54 fix(core): support `Attribute` DI decorator in `deps` section of a token (#37085)
This commit fixes a bug when `Attribute` DI decorator is used in the
`deps` section of a token that uses a factory function. The problem
appeared because the `Attribute` DI decorator was not handled correctly
while injecting factory function attributes.

Closes #36479

PR Close #37085
2020-11-19 12:19:41 -08:00
Issei Horie a965589eb8 feat(core): adds get method to QueryList (#36907)
This commit adds get method to QueryList.
The method returns an item of the internal results by index number.

PR Close #29467

PR Close #36907
2020-11-19 12:18:30 -08:00
Bjarki ce604b909b test(core): rename ivy-trusted-types integration test to trusted-types (#39614)
Since there won't be a ViewEngine-specific integration test, we don't
need the Ivy prefix.

PR Close #39614
2020-11-19 12:16:41 -08:00
Bjarki 569086a974 test(core): add e2e tests to ivy-trusted-types integration test (#39614)
Make sure that all Trusted Types-relevant sinks that can appear in an
Angular template (e.g. not <script>, since it's forbidden) continue to
work as expected with correct sanitization semantics, without
introducing Trusted Types violations.

PR Close #39614
2020-11-19 12:16:39 -08:00
Bjarki c2298512b3 test(core): enforce Trusted Types in ivy-trusted-types integration test (#39614)
Enforce Trusted Types in the ivy-trusted-types integration test by
setting an appropriate CSP header in the project's angular.json.

PR Close #39614
2020-11-19 12:16:38 -08:00
Bjarki 4dcf51a233 test(core): enable ivy-trusted-types integration test (#39614)
Add ivy-trusted-types to the list of enabled unit tests in
integration/BUILD.bazel

PR Close #39614
2020-11-19 12:16:37 -08:00
Bjarki 6e1708a2eb test(core): make ivy-trusted-types similar to other integration tests (#39614)
- @angular dependencies point to ../../dist
- use absolute versions for other dependencies
- add a yarn.lock
- create ci-specific targets
- make karma and protractor use correct Chrome binary

PR Close #39614
2020-11-19 12:16:36 -08:00
Bjarki fc0ee5be5f test(core): create ivy-trusted-types integration test (#39614)
Create an integration test for testing support for Trusted Types in Ivy.
Generated with:

```
yarn ng new ivy-trusted-types -g --skip-install --style css --routing --strict
```

PR Close #39614
2020-11-19 12:16:35 -08:00
Andrew Scott 1eb4066c2e refactor(compiler-cli): Expose API for mappping from TCB to template location (#39715)
Consumers of the `TemplateTypeChecker` API could be interested in
mapping from a shim location back to the original source location in the
template. One concrete example of this use-case is for the "find
references" action in the Language Service. This will return locations
in the TypeScript shim file, and we will then need to be able to map the
result back to the template.

PR Close #39715
2020-11-19 12:15:22 -08:00
Andrew Scott fae2769f44 refactor(compiler-cli): Add additional shim locations to reference and variable symbols (#39715)
Both `ReferenceSymbol` and `VariableSymbol` have two locations of
interest to an external consumer.
1. The location for the initializers of the local TCB variables allow consumers
to query the TypeScript Language Service for information about the initialized type of the variable.
2. The location of the local variable itself (i.e. `_t1`) allows
consumers to query the TypeScript LS for references to that variable
from within the template.

PR Close #39715
2020-11-19 12:15:21 -08:00
cexbrayat 066126ae2f fix(core): remove duplicated noop function (#39761)
The codebase currently contains several `noop` functions,
and they can end up in the bundle of an application.
A recent commit 6fbe21941d tipped us off
as it introduced several `noop` occurrences in the golden symbol files.
After investigating with @petebacondarwin,
we decided to remove the duplicated functions.

This probably shaves only a few bytes,
but this commit removes the duplicated functions,
by always using the one in `core/src/utils/noop`.

PR Close #39761
2020-11-19 12:14:12 -08:00
George Kalpakas 935cf433ed fix(docs-infra): support recovering from unrecoverable SW states (#39651)
Occasionally, the SW would end up in a broken state where some of the
eagerly cached resources of an older version were available in the local
cache, but others (such as lazy-loaded bundles) were not. This would
leave the app in a broken state and a blank screen would be displayed.
See #28114 for a more detailed discussion.

This commit takes advantage of the newly introduced (in v11)
[SwUpdate#unrecoverable][1] API to detect these bad states and recover
by doing a full page reload whenever an [UnrecoverableStateEvent][2] is
emitted.

Partially addresses #28114.

NOTE:
Currently, `SwUpdate.unrecoverable` only works if the app has already
bootstrapped; i.e. if only lazy-loaded bundles have been purged from the
cache.
That should be fine in practice, since the cache entries are removed in
least-recently-used order. Thus the eagerly loaded bundles will be the
last to be removed from the cache (which rarely happens in practice).

[1]: https://v11.angular.io/api/service-worker/SwUpdate#unrecoverable
[2]: https://v11.angular.io/api/service-worker/UnrecoverableStateEvent

PR Close #39651
2020-11-19 12:13:23 -08:00
George Kalpakas 305d05545a refactor(docs-infra): make `SwUpdatesService` depend on `LocationService` (#39651)
Previously, the `LocationService` depended on the `SwUpdatesService`.
This felt backwards, since `LocationService` is a more low-level and
basic service and should not be depending on a service for a
higher-level, specific feature (ServiceWorkers).

This commit inverses the relation, making `SwUpdatesService` depend on
`LocationService` instead.

PR Close #39651
2020-11-19 12:13:22 -08:00
George Kalpakas 824f051843 test(docs-infra): use existing `MockLogger` class in `SwUpdatesService` tests (#39651)
Since we have a `MockLogger` class in `src/testing/`, there is no need
to create a new `MockLogger` class for the `SwUpdatesService` unit
tests.

This commit switches to using the `MockLogger` class from
`src/testing/`.

PR Close #39651
2020-11-19 12:13:21 -08:00
Andrew Kushnir 0e859381bc docs: release notes for the v11.0.2 release 2020-11-19 11:49:17 -08:00
Kristiyan Kostadinov 81d72a1e37 fix(router): migration incorrectly replacing deprecated key (#39763)
In #38762 we added a migration to replace the deprecated `preserveQueryParams`
option with `queryParamsHandling`, however due to a typo, we ended up replacing it
with `queryParamsHandler` which is invalid.

Fixes #39755.

PR Close #39763
2020-11-19 09:08:10 -08:00
Kapunahele Wong 61506404a9 docs: move di-in-action doc to conceptual ref section (#39544)
Removes duplicate info, moves document into conceptual
reference section, but doesn't edit remaining content.
Groups two dependency injection documents together in
one expandable nav section.

PR Close #39544
2020-11-19 08:56:14 -08:00
JiaLiPassion 1951342124 docs(zone.js): update zone.js readme for the bundle format (#39508)
There is a typo in zone.js bundle format breaking change part,
the correct version should be `0.11.1` not `0.11.11`, and add
more clear text to explain the new bundle format directory structure.

PR Close #39508
2020-11-18 16:25:12 -08:00
Pete Bacon Darwin 5b45fab19d build: update to latest "yargs" package (#39749)
The 15.x versions of `yargs` relied upon a version of `y18n` that
has a SNYK vulnerability.
This commit updates the overall project, and therefore also the
`localize` and `compiler-cli` packages to use the latest version
of `yargs` that does not depend upon the vulnerable `y18n`
version.
The AIO project was already on the latest `yargs` version and so
does not need upgrading.

Fixes #39743

PR Close #39749
2020-11-18 16:09:39 -08:00
Keen Yee Liau d001ecc5a0 docs: fix confusing description for strictTemplates (#39745)
This commit fixes a confusing description of the `strictTemplates` flag.

> When `true`, enables strict template type checking in Angular version 9.

This seems to imply that the flag is only available in one version.
Strict template type checking is available in version 9 **and above**.

PR Close #39745
2020-11-18 16:00:35 -08:00
David Shevitz f8c623036e docs: Update releases.md with v11 information. (#39716)
PR Close #39716
2020-11-18 15:56:07 -08:00
George Kalpakas b521b5eb39 build(docs-infra): update @angular/material to 11.0.0 (#39600)
This commit updates `@angular/cdk` and `@angular/material` to version
11.0.0.

PR Close #39600
2020-11-18 15:49:17 -08:00
George Kalpakas 882804dd01 build(docs-infra): update @angular/* to 11.0.0 and @angular/cli to 11.0.1 (#39600)
This commit updates `@angular/*` and `@angular/cli` (and related
packages) to latest 11.0.x versions (11.0.0 and 11.0.1 respectively).
(See [here][1] for a diff between a v11.0.0-rc.2 and a v11.0.1 CLI app.)

[1]: https://github.com/cexbrayat/angular-cli-diff/compare/11.0.0-rc.2...11.0.1

PR Close #39600
2020-11-18 15:49:17 -08:00
George Kalpakas cfb7564dda build(docs-infra): update @angular/material to 11.0.0-rc.1 (#39600)
This commit updates `@angular/cdk` and `@angular/material` to version
11.0.0-rc.1.

PR Close #39600
2020-11-18 15:49:16 -08:00